(Where)
A good building architect would never build a plan for a house if he had no idea where the house was going to be located, how big the lot is, what the zoning restrictions are, what the climate is like, and all of those constraints that come with the location of the building. For example, in Florida, much of the architecture of a house focuses on withstanding high winds during hurricane season and extreme heat during the summer. The architecture for a new house in Toronto will likely avoid the design costs associated with withstanding hurricane-force winds but instead focus more on holding up to cold temperatures and distributing heat evenly throughout the structure.
With cloud computing, it is critical to understand the impact of laws as they relate to the locale where the cloud services are being consumed and where the data is being stored. Laws and regulations have different constraints across countries, provinces, states, and even counties. For example, in the couponing industry, marketing campaigns focusing on tobacco, alcohol, and even dairy must comply with laws against promoting these categories within certain counties. The 2013 Global Cloud Computing Report Card, published by Business Software Alliance (BSA), stated, “Cloud services operate across national boundaries, and their success depends on access to regional and global markets. Restrictive policies
that create actual or potential trade barriers will slow the evolution of cloud computing.” Some countries, like Japan, have modernized their legislation around privacy law, criminal law, and IP protection to facilitate the digital economy and cloud computing. On the other end of the spectrum are countries, like China, that have complex laws that discriminate against foreign technology companies and restrict the types of data that can flow in and out of the country. Countries that have restrictions on data transfers outside of their country create challenges for technology companies trying to build cloud solutions.
Perhaps one of the most controversial laws impacting cloud computing is the USA Patriot Act of 2001. The Patriot Act was signed into law shortly after the 9/11 terrorist attacks on the World Trade Center in New York City. This new legislation gave the U.S. law enforcement and intelligence agencies the ability to inspect digital data from any U.S. company or any company that conducts business in the United States. Many non-U.S. countries storing sensitive data fear that the U.S. government might seize their data and therefore choose to store their data in-house and opt out of the cloud. What many people don’t know is that many countries have similar laws that give their intelligence agencies the same type of power and access that the Patriot Act has in order to help protect against terrorism.
Architects need to become familiar with the laws and regulations that pertain to their business and their data. The impact of these laws can influence decisions like public versus private cloud, cloud versus noncloud, and local vendor versus international vendor. Often, hybrid cloud solutions are used to address these concerns. Companies often leverage
public IaaS or PaaS service models for the majority of their processing needs and keep the data they do not want subject to seizure under laws like the Patriot Act in a private cloud or in an in-house noncloud data center.
A more exciting where question is: What devices and touchpoints are these cloud services being accessed by? Today’s users consume data through channels on many touchpoints. We consume information on the web, on mobile devices and tablets, with scanners, and with medical devices, to name a few. Even our cars, refrigerators, home security systems, and almost anything with an IP address can interact with end users in this day and age. Knowing up front what all of these touchpoints are can drive some important decisions. AEA Case Study: Mobile Development Decision
Let’s assume AEA plans to allow users to access its auction site on smart phones and feature phones, tablets, PCs, and laptops and also publish its APIs so that other website properties can embed AEA auctions within their sites. A lot of development is required to support all of those different touchpoints, browser versions, and third-party websites, which likely are written in a variety of languages, like .NET, PHP, Python, and so on. AEA may choose a PaaS solution specializing in mobile devices and tablets to expedite and simplify the development process. These platforms are sometimes referred to as Mobile Backend as a Service (mBaaS) and focus on allowing the developers to build one code base that can run seamlessly across multiple device types and browser versions.
SaaS vendors like Apigee, Mashery, and Layer 7 Technologies provide cloud services for building APIs to
publish to third parties. These SaaS tools provide security, transformation, routing, web and mobile analytics, and many other important services that allow the developers to focus on their business requirements. Like the mobile PaaS tools, the API SaaS tools increase the developers’ speed to market and reduce maintenance because the vendors take care of supporting new technologies, standards, and patterns. For example, if a new device becomes popular or a change is made to a standard like OAuth, the mobile PaaS and API SaaS vendors update their products, allowing the developers to focus on their business needs.